{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,19]],"date-time":"2026-03-19T14:36:23Z","timestamp":1773930983664,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":37,"publisher":"ACM","license":[{"start":{"date-parts":[[2019,6,12]],"date-time":"2019-06-12T00:00:00Z","timestamp":1560297600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"BMBF","award":["CRISP-DA"],"award-info":[{"award-number":["CRISP-DA"]}]},{"name":"German Research Foundation (DFG)","award":["2050 Privacy and Trust for Mobile Users"],"award-info":[{"award-number":["2050 Privacy and Trust for Mobile Users"]}]},{"name":"German Research Foundation (DFG)","award":["1119 CROSSING"],"award-info":[{"award-number":["1119 CROSSING"]}]},{"name":"German Research Foundation (DFG)","award":["1053 MAKI"],"award-info":[{"award-number":["1053 MAKI"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2019,6,12]]},"DOI":"10.1145\/3307334.3326089","type":"proceedings-article","created":{"date-parts":[[2019,6,17]],"date-time":"2019-06-17T12:56:45Z","timestamp":1560776205000},"page":"79-90","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":37,"title":["InternalBlue - Bluetooth Binary Patching and Experimentation Framework"],"prefix":"10.1145","author":[{"given":"Dennis","family":"Mantz","sequence":"first","affiliation":[{"name":"TU Darmstadt, Darmstadt, Germany"}]},{"given":"Jiska","family":"Classen","sequence":"additional","affiliation":[{"name":"TU Darmstadt, Darmstadt, Germany"}]},{"given":"Matthias","family":"Schulz","sequence":"additional","affiliation":[{"name":"TU Darmstadt, Darmstadt, Germany"}]},{"given":"Matthias","family":"Hollick","sequence":"additional","affiliation":[{"name":"TU Darmstadt, Darmstadt, Germany"}]}],"member":"320","published-online":{"date-parts":[[2019,6,12]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"BinDiff. https:\/\/www.zynamics.com\/bindiff.html.  BinDiff. https:\/\/www.zynamics.com\/bindiff.html."},{"key":"e_1_3_2_1_2_1","unstructured":"radare2. https:\/\/github.com\/radare\/radare2.  radare2. https:\/\/github.com\/radare\/radare2."},{"key":"e_1_3_2_1_3_1","unstructured":"Unicorn Engine. https:\/\/github.com\/unicorn-engine\/unicorn.  Unicorn Engine. https:\/\/github.com\/unicorn-engine\/unicorn."},{"key":"e_1_3_2_1_4_1","unstructured":"Wireshark. https:\/\/www.wireshark.org\/.  Wireshark. https:\/\/www.wireshark.org\/."},{"key":"e_1_3_2_1_5_1","unstructured":"WARP Project. https:\/\/warpproject.org 2018.  WARP Project. https:\/\/warpproject.org 2018."},{"key":"e_1_3_2_1_6_1","unstructured":"Adafruit. Bluefruit LE Sniffer - Bluetooth Low Energy (BLE 4.0) - nRF51822 - Firmware Version 2. https:\/\/www.adafruit.com\/product\/2269.  Adafruit. Bluefruit LE Sniffer - Bluetooth Low Energy (BLE 4.0) - nRF51822 - Firmware Version 2. https:\/\/www.adafruit.com\/product\/2269."},{"key":"e_1_3_2_1_7_1","unstructured":"Android Open Source Project. Bluetooth Network Ports. https:\/\/chromium.googlesource.com\/aosp\/platform\/system\/bt\/  Android Open Source Project. Bluetooth Network Ports. https:\/\/chromium.googlesource.com\/aosp\/platform\/system\/bt\/"},{"key":"e_1_3_2_1_8_1","unstructured":"\/master\/doc\/network_ports.md.  \/master\/doc\/network_ports.md."},{"key":"e_1_3_2_1_9_1","unstructured":"Anguelkov Hugues. Reverse-engineering Broadcom wireless chipsets. https:\/\/blog.quarkslab.com\/reverse-engineering-broadcom-wireless-chipsets.html.  Anguelkov Hugues. Reverse-engineering Broadcom wireless chipsets. https:\/\/blog.quarkslab.com\/reverse-engineering-broadcom-wireless-chipsets.html."},{"key":"e_1_3_2_1_10_1","unstructured":"Artenstein Nitay. Broadpwn: Remotely Compromising Android and iOS via a Bug in Broadcom's Wi-Fi Chipsets. https:\/\/blog.exodusintel.com\/2017\/07\/26\/broadpwn\/ 2017.  Artenstein Nitay. Broadpwn: Remotely Compromising Android and iOS via a Bug in Broadcom's Wi-Fi Chipsets. https:\/\/blog.exodusintel.com\/2017\/07\/26\/broadpwn\/ 2017."},{"key":"e_1_3_2_1_11_1","unstructured":"Attify Store. Ubertooth One - Your BLE Hacking Tool. https:\/\/www.attify-store.com\/products\/ubertooth-one-your-ble-hacking-tool.  Attify Store. Ubertooth One - Your BLE Hacking Tool. https:\/\/www.attify-store.com\/products\/ubertooth-one-your-ble-hacking-tool."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC1761"},{"key":"e_1_3_2_1_13_1","unstructured":"Beniamini Gal. Over The Air: Exploiting Broadcom's Wi-Fi Stack (Part 1). https:\/\/googleprojectzero. blogspot.com\/2017\/04\/over-air-exploiting-broadcoms-wi-fi_4.html 2017.  Beniamini Gal. Over The Air: Exploiting Broadcom's Wi-Fi Stack (Part 1). https:\/\/googleprojectzero. blogspot.com\/2017\/04\/over-air-exploiting-broadcoms-wi-fi_4.html 2017."},{"key":"e_1_3_2_1_14_1","unstructured":"Biham Eli and Neumann Lior. Breaking the Bluetooth Pairing: Fixed Coordinate Invalid Curve Attack. http:\/\/www.cs.technion.ac.il\/~biham\/BT\/bt-fixed-coordinate-invalid-curve-attack.pdf 2018.  Biham Eli and Neumann Lior. Breaking the Bluetooth Pairing: Fixed Coordinate Invalid Curve Attack. http:\/\/www.cs.technion.ac.il\/~biham\/BT\/bt-fixed-coordinate-invalid-curve-attack.pdf 2018."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.40"},{"key":"e_1_3_2_1_16_1","unstructured":"Bloessl Bastian. GNURadio IEEE 802.11 a\/g\/p Transceiver. https:\/\/github.com\/bastibl\/gr-ieee802--11 2018.  Bloessl Bastian. GNURadio IEEE 802.11 a\/g\/p Transceiver. https:\/\/github.com\/bastibl\/gr-ieee802--11 2018."},{"key":"e_1_3_2_1_17_1","unstructured":"Bluetooth SIG. History of the Bluetooth Special Interest Group. https:\/\/www.bluetooth.com\/about-us\/our-history.  Bluetooth SIG. History of the Bluetooth Special Interest Group. https:\/\/www.bluetooth.com\/about-us\/our-history."},{"key":"e_1_3_2_1_18_1","unstructured":"Bluetooth SIG. The Link Manager Version Parameter. https:\/\/www.bluetooth.com\/specifications\/assigned-numbers\/link-manager.  Bluetooth SIG. The Link Manager Version Parameter. https:\/\/www.bluetooth.com\/specifications\/assigned-numbers\/link-manager."},{"key":"e_1_3_2_1_19_1","first-page":"12","author":"Bluetooth Core Bluetooth SIG.","year":"2016","journal-title":"Bluetooth SIG"},{"key":"e_1_3_2_1_20_1","first-page":"07","author":"Mesh Networking Bluetooth SIG.","year":"2017","journal-title":"Bluetooth SIG"},{"key":"e_1_3_2_1_21_1","first-page":"1","author":"Bluetooth Core Bluetooth SIG.","year":"2019","journal-title":"Bluetooth SIG"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3317549.3319727"},{"key":"e_1_3_2_1_23_1","unstructured":"Cypress Semiconductor Corporation. CY5677 CySmart Bluetooth Low Energy 4.2 USB Dongle. http:\/\/www.cypress.com\/documentation\/development-kitsboards\/cy5677-cysmart-bluetooth-low-energy-ble-42 -usb-dongle.  Cypress Semiconductor Corporation. CY5677 CySmart Bluetooth Low Energy 4.2 USB Dongle. http:\/\/www.cypress.com\/documentation\/development-kitsboards\/cy5677-cysmart-bluetooth-low-energy-ble-42 -usb-dongle."},{"key":"e_1_3_2_1_24_1","unstructured":"Cypress Semiconductor Corporation. CySmart - Bluetooth LE Test and Debug Tool. http:\/\/www.cypress.com\/documentation\/software-and-drivers\/cysmart-bluetooth-le-test-and-debug-tool.  Cypress Semiconductor Corporation. CySmart - Bluetooth LE Test and Debug Tool. http:\/\/www.cypress.com\/documentation\/software-and-drivers\/cysmart-bluetooth-le-test-and-debug-tool."},{"key":"e_1_3_2_1_25_1","unstructured":"Cypress Semiconductor Corporation. CYW920735Q60EVB-01 Overview. http:\/\/cypress.com\/CYW920735Q60EVB-01.  Cypress Semiconductor Corporation. CYW920735Q60EVB-01 Overview. http:\/\/cypress.com\/CYW920735Q60EVB-01."},{"key":"e_1_3_2_1_26_1","first-page":"10","author":"Cypress Semiconductor Corporation","year":"2016","journal-title":"FM Receiver"},{"key":"e_1_3_2_1_27_1","first-page":"10","author":"Cypress Semiconductor Corporation","year":"2016","journal-title":"Cypress Vendor-Specific Bluetooth Commands"},{"key":"e_1_3_2_1_28_1","unstructured":"Ellisys. Bluetooth Vanguard: Advanced All-in-One Bluetooth Analysis System. https:\/\/www.ellisys.com\/products\/bv1\/.  Ellisys. Bluetooth Vanguard: Advanced All-in-One Bluetooth Analysis System. https:\/\/www.ellisys.com\/products\/bv1\/."},{"key":"e_1_3_2_1_29_1","first-page":"1","volume-title":"International Workshop on Selected Areas in Cryptography","author":"Mantin Scott","year":"2001"},{"key":"e_1_3_2_1_30_1","first-page":"1","volume-title":"Man-in-the-Middle Attack on Bluetooth Secure Simple Pairing. In 3rd IEEE\/IFIP International Conference in Central Asia on Internet","author":"Hypponen K.","year":"2007"},{"key":"e_1_3_2_1_31_1","unstructured":"Ossmann Michael and Spill Dominic. Project Ubertooth: Open Source Wireless Development Platform Suitable for Bluetooth Experimentation. https:\/\/github.com\/greatscottgadgets\/ubertooth 2011.  Ossmann Michael and Spill Dominic. Project Ubertooth: Open Source Wireless Development Platform Suitable for Bluetooth Experimentation. https:\/\/github.com\/greatscottgadgets\/ubertooth 2011."},{"key":"e_1_3_2_1_32_1","first-page":"17","author":"Spill Michael","year":"2009","journal-title":"Smells Like Chicken. DEFCON"},{"key":"e_1_3_2_1_33_1","unstructured":"H. Reinaldo. Hello Quark! Fitbit Firmware Reversing (Lessons Learned). AlligatorCon 2016.  H. Reinaldo. Hello Quark! Fitbit Firmware Reversing (Lessons Learned). AlligatorCon 2016."},{"key":"e_1_3_2_1_34_1","unstructured":"Schulz Matthias. Teaching Your Wireless Card New Tricks: Smartphone Performance and Security Enhancements Through Wi-Fi Firmware Modifications . PhD thesis Technische Universit\"at 2018.  Schulz Matthias. Teaching Your Wireless Card New Tricks: Smartphone Performance and Security Enhancements Through Wi-Fi Firmware Modifications . PhD thesis Technische Universit\"at 2018."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"crossref","unstructured":"Schulz Matthias and Wegemer Daniel and Hollick Matthias. Nexmon: The C-based Firmware Patching Framework. https:\/\/nexmon.org 2017.  Schulz Matthias and Wegemer Daniel and Hollick Matthias. Nexmon: The C-based Firmware Patching Framework. https:\/\/nexmon.org 2017.","DOI":"10.1145\/3131473.3131476"},{"key":"e_1_3_2_1_36_1","first-page":"1","volume":"7","author":"Spill D.","year":"2007","journal-title":"Eve Meets Alice and Bluetooth. WOOT"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3241539.3241566"}],"event":{"name":"MobiSys '19: The 17th Annual International Conference on Mobile Systems, Applications, and Services","location":"Seoul Republic of Korea","acronym":"MobiSys '19","sponsor":["SIGMOBILE ACM Special Interest Group on Mobility of Systems, Users, Data and Computing","SIGOPS ACM Special Interest Group on Operating Systems"]},"container-title":["Proceedings of the 17th Annual International Conference on Mobile Systems, Applications, and Services"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3307334.3326089","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3307334.3326089","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:13:20Z","timestamp":1750202000000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3307334.3326089"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,6,12]]},"references-count":37,"alternative-id":["10.1145\/3307334.3326089","10.1145\/3307334"],"URL":"https:\/\/doi.org\/10.1145\/3307334.3326089","relation":{},"subject":[],"published":{"date-parts":[[2019,6,12]]},"assertion":[{"value":"2019-06-12","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}